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Tho MAILING DATE of this communication appears on the cover shoet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). tn no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

• If the period for reply specified above Is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )□ Responsive to connmunication(s) filed on . 



2a)n This action is FINAL. 2b)IE This action is non-final. 

3) n Since this application is in condition for allowance except for fomial matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) K Claim(s) 7-40 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) 13 Claim(s) 1-40 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10)0 The drawing(s) filed on is/are: a)n accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
11 )□ The proposed drawing correction filed on is: 3)0 approved b)n disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

1 3) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 11 9(a)-(d) or (0- 

a)nAII b)n Some*c)n None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.n Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17, 2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) S Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) 0 Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 . 

Attachment(s) 

1) 13 Notice of References Cited (PTO-892) 4) [U Interview Summary (PTO-413) Paper No(s). . 

2) CH Notice of Draflsperson's Patent Drawing Review (PTO-948) 5) dl Notice of Informal Patent Application (PTO-152) 

3) □ Information Disclosure Statement(s) (PTO-1449) Paper No(s) . 6) □ Other: 



U.S. Patent and Trade martt Office 
PTOL-326 (Rev. 04-01) 
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Detailed Action 

Claims 1-40 have been examined and are pending. 

Drawings 

Applicant is required to furnish a drawing under 37 CFR 1.81. No new matter may be introduced 
in the required drawing. 

New drawings are required in this application. Applicant is advised to employ the sen/ices of a 
competent patent draftsperson outside the Office, as the U.S. Patent and Trademark Office no longer 
prepares new drawings. The corrected drawings are required in reply to the Office action to avoid 
abandonment of the application. The requirement for corrected drawings will not be held in abeyance. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-6 and 21-26 are rejected under 35 U.S.C. 103(a) as being unpatentable over Lipner et 

al (USP 5,991,406). 

As per claim 1 and 21 , Lipner et al teach both a method and computer apparatus for executing 
the disclosed method (column 7, line 35-40): 

Combining a plurality of key splits to generate a cryptographic key (column 15, lines 13-16); 
Initializing a cryptographic algorithm with a cryptographic key (column 7, line 40-43); 
Applying cryptographic algorithm to an object [57]. 

Lipner et al fails to disclose using a biometric measurement as part of the encryption key. Lipner 
et al teach biometric tests are a way to authenticate a user (column 21, lines 34-41). Lipner et al teach 
that a key can be seeded with externally generated parameters (column 10, lines 50-52). In view of this, it 
would have been obvious to one of ordinary skill in the art at the time of the invention to modify the 
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teachings of Lipner et al to use bionnetrics as part of the key because it would add a personal parameter 
to the key that identifies who created it. 



As per claims 2, 3, 22, and 23, Lipner et al teach adding a reference data (LEAF) and a key split 
(ELVS) to the encrypted message when sending it to the receiver (column 15, lines 31-32). 



As per claims 4 and 24, Lipner et al teach retrieving key components (splits) from memory 
(column 10, lines 35-38). 

As per claims 5, 6, 25, and 26, Lipner et al teach that encryption can be perfomied in hardware 
such as a PCMCIA card (smartcard) (column 5, lines 29-32). Because the encryption is done on a 
smartcard, it is inherent that the smartcard has storage capabilities necessary for performing the 
encryption. Furthemiore, Lipner et al teach a system that can be executed in both hardware (i.e. 
smartcard) and software for executing the disclosed method (column 7, line 35-40). Consequently, the 
combining of the key splits is inherently performed on a smartcard. 



Claims 7, 8, 10-28, and 30-40 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sudia (USP 6,009,177) in view of Lipner et al. 

As per claims 7, 14, 15, 16, 17, 27, 34, 35, 36, and 37 Sudia teaches: 

Generating a private key by combining key spits (column 18, lines 65-67); 

Initializing a cryptographic algorithm with a key (column 10, lines 62-67); 

Encrypting an object according to cryptographic algorithm (see FIG. 5); 

Adding combiner data (Message Control Header) (column 11, lines 33-39) which includes: 

Reference data (FIG. 18); 

Name data (FIG. 18); 

Maintenance split (FIG. 18); 

Maintenance level (FIG. 18); 

Random split (column 18, lines 46-49); 
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Timestamp (FIG. 18); 



Digital signature (FIG. 18); 



Digital certificate (FIG. 18); 



And storing the object with added combiner data (column 15, lines 39-43). 



Sudia teaches that the private key is broken up Into splits (column 18, lines 12-15). Sudia teaches a 
random number is generated for each split and, consequently, a random number is associated with each 
key (column 18, lines 12-61). Sudia is silent in disclosing that the key includes an organizational split, 
maintenance split, and a label split. Lipner et al teach that a key can be seeded with externally generated 
parameters (column 10, lines 50-52). Sudia teaches parameters to identify a user such as 
manufacturer's name (organization) (column 16, line 62), manufacturer public key/certificate 
(maintenance) (column 16, lines 60-61), and user's public signature (label) (column 17, line 15). 
Incorporating these parameters into the key splits to provide flexibility in the system's overall ability to 
enforce security. One skilled in the art would recognize that keys created from these parameters allow 
the system to authenticate a user and protect its resources from unauthorized persons. In view of this, it 
would have been obvious to one of ordinary skill in the art at the time of the invention to employ the 
teachings of Lipner et al into the system of Sudia because it would allow the system to better protect its 
resources to users of varying trust and responsibility. 

As per claims 8, 10, 28 and 30, the examiner supplies the same rationale for motivation for 
incorporating the teachings of Lipner et al into the system of Sudia as cited in the rejection of claim 7. 
Sudia teaches that various types of credentials are stored in memory for each user (column 16, line 31 - 
column 17, line 26). It is inherent that from these credentials is where the parameters will be selected to 
seed the key splits. 

As per claims 1 1 and 31 , Sudia teach that smart cards contain valuable user identification 
(column 22, lines 63-66). It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the system of Sudia by storing user information in the memory of a smart card. 

As per claims 12 and 32, the examiner supplies the same rationale for motivation for 
incorporating the teachings of Lipner et al into the system of Sudia as cited in the rejection of claim 7. 
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Sudia teaches adding combiner data (Message Control Header) (column 11, lines 33-39), which includes 
atimestamp (FIG. 18) 

As per claims 13 and 33, the examiner supplies the same rationale for motivation for 
incorporating the teachings of Lipner et al into the system of Sudia as cited in the rejection of claim 7. 
Sudia teaches adding combiner data (Message Control Header) (column 11, lines 33-39), which includes 
an escrow certificate (FIG. 18), which includes a user name (I.D.) (FIG. 12), 

As per claims 18 and 38, Sudia teaches encrypting the fields of the MCH (label reference data) 
(column 26, lines 10-14). It is inherent that the fields are encrypted before being added to the header 
because the same key encrypts not all of the fields. Sudia also teaches the creation of a new session key 
(second cryptographic key) by which the entire message can be decrypted. Sudia teaches that the 
private key is broken up into splits (column 18, lines 12-15). Sudia teaches that this key is created in part 
by a secret number (unique data instance) (column 26, lines 14-29). Sudia also teaches using a random 
number to help create strong keys (column 18, lines 44-60). Therefore the secret number could be 
random because random numbers are strong. Sudia teaches a random number is generated for each 
split and, consequently, a random number (split) is associated with each key (column 18, lines 12-61). 

As per claims 19, 20, 39, and 40, Sudia teaches that part of the header data is encrypted (see 
FIG. 18, and specifically the sender's escrow certificate number (column 23, lines 27-31)). Sudia teaches 
adding combiner data (Message Control Header) as a header to all packets (column 1 1 , lines 33-39). 

Claims 9 and 29 are rejected under 35 U.S.C. 103(a) as being unpatentable over Sudia and 
Lipner et al as applied to claims 7, 8, 27, and 28 above, and further in view of Nguyen (USP 5,689,566). 

As per claims 9 and 29, Sudia teaches encrypting the fields of the MCH (label reference data) 
(column 26, lines 10-14). Sudia also teaches the creation of a new session key (second cryptographic 
key) by which the entire message can be decrypted. Sudia teaches that this key is created in part by a 
secret number (unique data instance) (column 26, lines 14-29), Sudia also teaches using a random 
number to help create strong keys (column 18, lines 44-60). Therefore it would have been obvious to one 
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of ordinary skill in the art at the time of the invention to modify the system of Sudia to include the random 
number into the generation of the second key. 

The combined teachings of Sudia and Lipner et al are silent in disclosing creating a key in part 
from a user ID and password. Nguyen teaches creating a key from a user ID and password (column 3, 
lines 63-64). Sudia teaches that the private key is broken up into splits (column 18, lines 12-15). 
Creating part of the key from the user's ID and password allows the system to know who created the key 
(someone who knows both a valid user ID and the password for that user). In view of this, it would have 
been obvious to one of ordinary skill in the art at the time of the invention to employ the teachings of 
Nguyen into the combined system of Sudia and Lipner et al because it would decrease the chance of an 
unauthorized person of gaining system resources. 
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Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
U.S. Patents 

5.347,580 Molva et al. 

5.991,408 Pearson et al. 

5.623,546 Hardy etal. 



Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Michael R Vaughan whose telephone number is 703-305-0354. The examiner can 
normally be reached on M-F 7:30-4:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ayaz 
Sheikh can be reached on 703-305-9648. The fax phone number for the organization where this 
application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding should be 
directed to the receptionist whose telephone number is 703-305-3900. 

MV 

Michael R Vaughan 
Examiner 
Art Unit 2131 

SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



AYAZ SHEIKH 



